County Council hit by ransomware refuses to pay 'one million pound demand'
Lincolnshire County Council has refused to pay a ransom after it was hit by cyber criminals demanding money to unlock its data and computer systems.
While the council initially thought the ransomware on its computers was asking for £1 million to decrypt its data, it was actually being asked to pay £350 in Bitcoin.
Chief information officer Judith Hetherington-Smith told the BBC the council would not be giving in to the demand, which the malware said would increase over time if it didn’t pay.
“We are not going to pay,” she said. “We wouldn’t pay a ransom fee.” Instead, the council closed down its systems on Tuesday and scanned its 70 terabytes of data to make sure it was clean of the ransomware, which is believed to have been delivered via email.
It repeatedly told Twitter followers its services were limited last week due to a “malware attack”, before announcing on Sunday that it expected to be back online on Monday morning.
Hetherington-Smith said the council’s anti-virus software and security defences were up-to-date and it is believed the incident was a zero-day attack.
Lincolnshire County Council tweeted that no data had been stolen. “Ransomware is becoming an increasing problem,” said David Flower, managing director for the EMEA region at security firm Carbon Black. “But we often do not see the scale of the problem as many organisations simply pay up and stay quiet about it.
“Here, we can see that this was a zero day attack; this strand of malware has never been seen before on any machine.
“Zero days are problematic, as traditional security solutions such as anti-virus rely on blacklisting – they have a set of known threats that they detect.
“If a file doesn’t appear on their list, they let it through – so if the threat has never been seen before then this system falls down.
“As such, phishing emails with ransomware can easily sneak into user inboxes. The user clicks on the attachment, and boom – the bad guys are in.”
According to statistics from Verizon, ransomware accounted for nearly five per cent of crimeware incidents investigated in 2015.
As many as 23 per cent of recipients open phishing messages used to transmit ransomware and other malware and 11 per cent are estimated to click on the attachments.